(57) A computer system according to the present invention uses a two-piece authentication process to securely provide user authentication over a network. In the disclosed embodiment of the invention, a user password is entered during a secure power-up procedure. The user password is encrypted by an external token or smart card that stores an encryption algorithm furnished with an encryption key that is unique or of limited production. A network password is thereby created. The network password is maintained in a secure memory space such as System Management Mode (SMM) memory. When the user desires to access a network resource such as a hard drive in a server, the network password is encrypted and communicated over the network. In the case of a server hard drive, the network password is encrypted using the server's public key (or another key that is known to the server). Optional node identification information is appended to the network password prior to communication over the network. The node identification information can be used for a variety of purposes, including limiting access to certain pieces of data to specified users on specified machines. Once received by the server, the encrypted network password is decrypted using the server's private key. A user verification process is then performed on the network password to determine which, if any, access privileges have been accorded the network user. Numerous other uses for the network password are disclosed, and permit the network resources to be securely compartmentalized with the option to have multiple user levels. The two-piece nature of the authentication process assures that if either the user password or the external token is stolen, it is of little value. Both pieces are required to access protected resources and uniquely identify a user to the network. Further, a network user's identity is maintained when working on different machines.
Description



The invention relates to security in a oonpirter sys- 

SJS^as inkxma«on attained m oihe, cntcal 
'^e'C^^oaoh to security invoh^-^ - 

'■^'^If'TS/d-^e.^ encrypted 

ectae d variable inlormafion called a "key" « . 
SiSciphertext There a,en«ny types oJk^^^s^ 
J^rSwc algorrthrr^. pr«».idlnfl vanr«« levels 

t»« most prevalent cryplog^ ^^^^ 
a,e generally referred to as 'symn^« ^^Sc^ 
LcrM toy or sir^gle key a|gor jo^ arj T.^^ ^ 

iBiso called asymmetric algorrthms), ine se^u' '» 
(also canea^°°^ ^ „ ^ ^ 

these algorrthms 'Sf^^'f'^^r'^ „ possible to 

details 0. ^''^Jl'TtiiriS^ "-^ 
Dut)llsh the algorrthm tor puDiic scruui^ 

^Senior inc^r^-fioj^^ ^ 

In most synvnetric algorithms, the ^^^^ ' 
^'i^e deo^o" K« ». ^ 



armngememis not practical when tor«B|n^ 

leZe^ eledronically '"^ "l^'iS^ L'S, 
v«Kk. THe nunter of keys also increases rapiaiy as 

iwrriber of users "mcreases. 

V/rth pubnc key algorithms, ^l^'^'^^ 

^^J^et^^tordecryptionisl^^^ 

S^^ol dphertext In ^^^^^^ ^ 
S^clk«, a sender retrieves the reap^ PKtf«^ 

authenticate the source of a message^^^ ^^^_^ 
one problem with pubfic k^ ^Jo^^*^ 
Public key algorithms are typ«ally onthe order oM .ow 

Sriidl^SlSS-tu'res. V^rth any of th^eaj^ 

proportional to the '©"S*' ^ "^^^^e keys 
Levis 40 brts long, the total numbw ol P«»»"lr^ 
S irabout 110 MKon. Given the computeb^ 
Ser ol^em computers, this .'5?^ 
S^^nadequate. By comparison, a ^^'^^^ d ^b* 
pSSi S.636 times as many possWe values as the 

'"'tS attention has been given J P'^-Jj^, 
^ZTri^oe of this system is that certain forms of
J^c^^^«^ecJS)Smemoryt>ecausein^ 5 

^ ^ STead protected. White ^^fj^ 
password protection is one-piece in nature and is only as secure as the password itself.

Physical keys or tokens, such as those used to unlock doors, have also been used to permit access to a computer system. Like the password approach, this type of security is "one-piece" in nature, and is compromised if the key or token is stolen. Anyone possessing the key can gain access to the computer network and is accorded the same level of access as an authorized user. Currently, there exists no satisfactory method of verifying user identity in granting access privileges in a distributed computing environment.
Briefly, a computer system according to the present invention utilizes a two-piece authentication procedure to securely provide user authentication over a network.

In the disclosed embodiment of the invention, a password entry process is carried out during a secure power-up procedure. At some point during the secure power-up procedure, the computer system checks for the presence of an external token or smart card that is coupled to the computer through specialized hardware. The token or smart card is used to store an encryption algorithm furnished with an encryption key that is unique or of limited production.

Following detection of the external token, the computer user is required to enter a plain text user password. Once entered, the user password is encrypted using the encryption algorithm (or a one-way hash function) contained in the external token, thereby creating a network password. The network password is maintained in a secure memory space such as System Management Mode (SMM) memory. When the user desires to access a network resource such as a hard drive in a server, the network password is encrypted and communicated over the network. In the case of a server hard drive, the network password is encrypted using the server's public key (or another key that is known to the server). Optional session key or node identification information is appended to the network password prior to communication over the network. The node identification information can be used for a variety of purposes, including limiting access to certain pieces of data to specified users on specified machines.

Once received by the server, the encrypted network password is decrypted using the server's private key. A user verification process is then performed on the network password to determine which, if any, access privileges have been accorded the network user. As an example, access to certain pieces of data can be limited to a specified user on a specified network node. Numerous other uses are contemplated for the network password. The network password can be utilized: to decrypt or encrypt data on the server hard drive (similar to a session key), as part of a public key/private key or as part of a split key or forced key pair. Such uses permit server hard drive(s) or other network resources to be securely compartmentalized with the option to have multiple user levels.

In an alternate embodiment of the invention, entry of the user password and encryption by the token is conducted during normal computer operation outside of the secure power-on sequence. In this embodiment of the invention, the user password is communicated to secure memory by means of a secure keyboard communications channel. Again, the

%^'Slnasecured resource such as a ha«J dr«^ 
In the various embodiments of the invention, the two-piece nature of the authentication process assures that if either the user password or the external token is stolen, it is of little value. Both pieces are required to access protected resources and uniquely identify a user to the network. Further, a network user's identity is maintained when working on different machines.
A better understanding of the present invention can be obtained when the following detailed description of the preferred embodiment is considered in conjunction with the following drawings, in which:

Figure 1 is a schematic block diagram of a computer system incorporating capabilities for two-piece user authentication according to the present invention;
Figure 2 is a schematic block diagram of a local area network illustrating secure user authentication and remote peripheral access according to the present invention;
Figure 3 is a graphical representation of System Management Mode memory according to the present invention; and
Figures 4A and 4B are flowchart diagrams illustrating a two-piece procedure according to the present invention for entering password information during a secure power-up procedure.
The following patents and applications are referenced in the text which follows:

Our US Patent No. 5,537,540, entitled "TRANSPARENT, SECURE COMPUTER VIRUS DETECTION METHOD AND APPARATUS", is hereinafter referred to as the "SAFESTART patent";
Our US Patent Application Serial No. 08«96 343^ 
SiHed. "SECURITY CONTROL FOR A PER- 
SONAL COMPUTER.- Wed on Mar* 3- 
Our US Patent No. 5,375,243, entitled "HARD DISK PASSWORD SECURITY SYSTEM";

Our US Patent Appn«tion^f«' 

entitled "METHOD AND APPARATUS FOR PROVIDING SECURE AND PRIVATE KEYBOARD COMMUNICATIONS IN COMPUTER SYSTEMS", filed on May 29, 1996; and
Our US Patent Application Serial No. 08/766,721, entitled "A METHOD AND APPARATUS FOR ALLOWING ACCESS TO SECURED COMPUTER RESOURCES BY UTILIZING A PASSWORD AND AN EXTERNAL ENCRYPTION ALGORITHM", filed on December 13, 1996.



Referring firsi to Rflure 1. a cornputer sjjem S 
according to tf^e presert irim*«« «sho^^^ 
ierred entodiment. the system S 
Z^JZ WKfis- a Peripheral Component Interconnea 
^Ot^Pwh^SSesanaddress/cte^^jJ 
L a**^signal portion; and an IndiKlrySlanda^ 
?JSi(ISA?lx«lwtiichincludesanaddresspo^^ « 

SSSn and a control ^^-j, P°2°"- ^^^^'J 
^ buses P and I form the architectural t»c«x)ne 01 

PCI tx« p. Ttie processor 102 is pref«^jMl^P^ 
tium® processor from Intel Corporaboa btrt^u^ 

80486 or any nunfcer of similar or "«»-fl«^f^P~^ 
2so^ 1T« processor 102 drives 
S^portiJ?^06.and108ofare2bu^ 

le/el 2 (12) or external cache memory 104 ko*"*^ 
to Se S bus HB to provide additional ''^"OC^ 

chp 110 is conligured to control a s^.^ 
^?Sersm.T^e data buffers 112 are .^er^^ 
the 82433LX from Irrtel. and are coupled to J^n^ 
The ^ data bus 116 and a MD or n^/^*^ 
1 18 that is connected to a memory array 114. A rr«fl- 
;i Sess and memory contol signal bus « preyed 

Iromlhe cache and memory controller 110. 

•Sedatabuffe.s112.cacheandmemo2ra«*^^ 
110.^ PCl-ISA bridge 130 are «>nn«:ted tothe 
PCI bus P T>» PCl-lSA bridge 130 is used to oxrvert 
SlSbctwc^ the PCI bus P a«i the ISA b^-^ 
^SA bridge 130 indudes: the necessary add^ 
aS dl tSSrs. a^itration and bus master con^ - 
f V w «hP PCI bus P ISA arbitration circuitry, an ISA 
r cSnroL^'Js'Snv'entiona.ly ..ed ^r^^^^^^ 

an IDE (intelPigent drive ^^'^^^^^t^^ 
S^Aco^^rcl^Ahardc^sKd^el^ ^ 

t^V?S^^i^e:"r^iJ-^-ge 

devices (not shown) canbe sin™Tariy -n^^^^^^ 

In the disclosed embodimem the PCi ibA prcge 
13oSJo?nSesmiscellaneoussystemlo9ic.T7^«m«- 
S^Srs^em logic contains counters and activrty ss 

S^i's c^SentioSily present pe-nal conp..^ 
Urns, an inlenupt controHer ^^^^'^^ 
ixises P and I. and power managemenl logic. Aooroon- 



ally. the miscellaneous system logic ""d^ * 
Sly for a security management system teed ^ 
verHfcation and to alio* access to protected 
^^rcesasdescribedmorefullybelo* 

•n,e PCI-ISA bridge 130 also '^'^'T^ 
oenerate a "son- SMI (System l^nagementWem^ 

as SMI and keyboaol controller «;te*cec^ 
St^r TT^e miscellaneous system "ofl^ Jl^^e? 
SYtesh ROM 154 through write protecbon tog«164. 
Sparate enablafinternpl signals are abo^^«n-J- 
^ from the PCI-ISA bridge 130 to the hard dm« 
^ pSTrably. the PCHSAbridge 130 is a single -nte- 

iSed drcuH. but other combinations are,^^^ 
A series of ISA slots 134 are connected to the la^ 

K« it^ive ISA adapter cards. A series of PCI stoB 
^S'^e SSi pr^ on the PCI t« P-to receive 

^.er 165 •« also conneCedto ^e^ 
busP.Vrfeomemoryl66isusedto^egmphj«date 

2^ is connected to the video g^~ntn^ 
and a digital/analog converter (RAMDAC) 168^ 
Sio graSiics coi^oller 165 controls 
;e^'^?n«mory 166. eBo-nng data tobe ^^^^ 
retrieved as required. A moriitor connector 169 

the RAMDAC 168 tor coHnectng a monrtor 

'^ Anetwort^irterface controller (NIC) 122 fealsoo«>. 
nected to the PCI bus P. allowing the «>mpirt« 
StX. as a -node- on a n^ I'fZt^lZ 
LtrcHer 122 is a single integrated <^~« "^^"^ 
tt,e capabBHies necessary to act as ? Ffl bus 
andl^ as weB as circuitry requiredto art «b an 
Semet irterface. Attachment UnHim^ce O^OJ^ 
10 base-T connectors 124 are provided inthe system S. 
l^^'rconnected to the NIC ?22 vfanter andt^-^ 
former circuitry 126. This drcuHry 
Ethernet connection for connecting "T^^^^ 
tern S to a distributed computer envirwmenl or local 
area network (LAN) as shown in Figure 2. 

A combination UO ch*p 136 is «>""a^a?*'.*?^ 
bus I Thecombination I/O chip 136 preferably indudes 
?feIl2^^twoUARTS.afloppydiskcontrone*tor 

"cSS afloppy disk drive m ^^^^^ 
decode togic and security logic to control access to an 
frSnal « external CMOSAMVRAM memonr ("^ 
and Stored password values. Further deteiteo^ 
SSiplated uses ol the NVRAM -^^niory are p^ 
Sbetow Additionally, a control nne is pro*ndedto the 
S?l^protect-on togic 164 to further cortrd 
a^ei to the ftesh ROM 154. Serial port o»nn^ 
parallel port connector 132 are also connected 
to the corT*)ination I/O chip 136. ... w% 

^^8042 or keyboard controller, is also «iclud«f « 

«,e «n£Sion I/O bhj 136. The keyboard co.*<^'«L« 
^conventional design and is connected^turntoal^ 

^rd connector 158 and a mouse or poinb^ de.«e 
„„,w-^,^r iGO A keyboard 159 s connected to the 
ZS^ :X S S^u9h .he Keyboard connector 
158.



Ji*^^ and date sgnals from tne a-ix» /v. 

I^Kl the computer system S con- 

''^'^^^JiTaS aS^ed to a COM or serial port 
sists o« a probe 186 «>«^^^ ' —--ected to the 

188. art! can be fully pc«»ered 
ment the secured remote peripheral takes lor 



„rf„-^ hanl drives 216.- 218 and 220. M^ou^ 
:S^an7t:uredne^«rkresourcela.tewrth.nthe 

scope of the invention. ..^^wi 
user authentication process 0!=^^'^^" 

When trie user utsotiw n«iiiiiork nass- 

such as a ha«J drive in a server 201. thenrt««>«pa^ 

the targeted network sen/er 201. ^ „,*jic kw 
R>lto*ino encryption with the server^ 
^2 ^Lorkoassword H communicated to the 
^ iheenayptednehjxk^^ .^^^^ ^^^„e« 

"S'and'ScI ^le -ayPted network passwo«J 

::2ra^r;;^;™d dr.es ai^ 21s. ^ 

verr^a^on - -^^^ 



55 
access privileges. Numerous other uses are contemplated

apperxJedxession XeZT^tltt 

220 through interface arcuitry zi*. . Hkdt 
passed protected de«ce such as .he disk 
drle described in our US-A-5.375.243. ^ 

Aone^ hashtundion or an encrypbon alo(K*m 

if^Kl^sBd to cowert the network password into 
f^LSS^SSS.^.5im«J'atekey):-mepseudo- « 
^^^tSSdthenbeusedbyadeterminisfcsys- 
S^O^rapi*lic-tey/k)rivate-keykeypa.A^ 
,S» .JSograpWc algorithm used to generate such 
^irSbun«.ny other algorithms sutlK^ 
'^/^menikK.ed.cptionalkeyssu^asasB^^ « 
o,lheuse.^puW«teycant^aPPe«ledtotter^ 

^.Lwmid orior to its transmisswn o^er the nOtniK 
5h^i^«l session key is prorkJed k>1he«* 

»aK*irtfk rv)de 200a and the networK servw 
rSS[lS?s,n«««^^ 
tev Encryption and decryption with SJ^^*?^ 
Sn;TSpica..y much encrypbon and 

decryption with pii*c key algorithms 

Mematively. the nelwo* pa««|«d ^ be «^ 

9fi a subset ol a current "super key" ay uwna 

n^S^201 ^^-^-.^one piece o. the admjr^ 
key and require »«t a va^J ^ 
passwortJ (the other portion of the ^* J^'^ 

S^'S^trtiS^o'XS^^^r^ngd^^^ 
S)S«^s and unk^c tokens 188 can a«^*^e 
^TS^ network resource. The adm.n«^^ 
^ K^oan be attered to encompa««^*o^ 
X.;^sswordsasthen^aJ«.Fui^«^ ^ 

^•rrs^^^-th^"-- ^ 

^K,i^^n^corp<^idcntHicationin1ormat«n.na^^^^ 45 
rc^toS^L^aigorithn^J^ng^^^^ 
ditferent tokens tor diflerenl actwilies - "^'"^ 

S wB^ici'onintormation to the encrypted n^ 

'*'i;S'uses 01 the disclosed two^iece 

„^oc«s oermit the server hard drives 216-220 

rZn^KScestobesecure^comp^^ « 

SlSUh the option to have multiple user levete. "m* 

arrangement t^s many potential W'cat«ns^F°' 
STacoiTpany might not want carta*, documents 



to be downtoaded outskte facTrty. •^^-'"r*^^ 
access orivileges to be Dmrted to spccrfied nodes 200 
STth^SSy. an additional level o. secunt^ 



The . «^em * *ffr''^'"™^ 



Referring now to Figure 3, certain ["cnjP^^^^ 
such as thePentium®processor from IntelCc^pomJ^ 
a mode referred to as System ftenagemert 
SS(SMM).whk*is.entereduponrec«ptdas^ 

Inaiemenl inlernpl (^^"^-^^^-^^^^ 
Dwer TOnagemert Wemvls devised by "^^^ forpaa 

zi, pcr^e '^^pSsrroSs 

draw Dwer from batteries whicn provwe » 

energy. To ^^^^^^^^IZ 
typteally asserted to turn off or reduce thetwwwta^ 

J^^componentthatisnotc^jnu^'^ 
Jia-many meant for laptop computers. SMis nawB 
SJS^piS^ tor desktop and other stattonary mod, 

* ^M?Lre asserted by either an SMI timer, by a sys- 
tem ^^^^ means. An SMlis a ncjvmaj^ 

^e a higl^er priority than the ^-^^^ 
averted a mferoprocessor maps a portion ol memory 

S^to as SMM memory 250 into *e m«in n«m«ry 

^«*;r« rjpx J state is tfien saved in the t>MWi 

Hte test insist out fashioa After the inrtial pit»- 
'^•Sttis Ihe processor 102 begins «e«*- 

»/« handler routine 252. which is an 
Il^eToutine to pertom. specHfc system managemwrt 
^sJdT as redudng power to specHfc de>nces or. ^ 

'^L^S^ne the routine is executed. oth« .r^ 
are not serviced, and are ignored unhl*^ 
routine te conpleted or * 
r^etWhentheSMlhandler252«)r^«te^^ 
.lessor state is retrieved from m«wy 250^ 

^Ihe main program continues. An SMl^ 
Srred to as the SM1ACT« signals provKled by the 
processor to indicate operation SMM. 
^ Asmentfoned.tonowingassert«nofrtsaW^ 
fthis is oenerally an active low signal), 'he proces^r 
?S «teTe SMI handler 252. which addressesa« 
l^r^ soace thai « separate from ordinary rna« 
mti^y ^Te^JS all m^ accesses refer only to 
sSTm JLy 250. input/ou^ul n/OJ a«^« - 
instructions such as IN or OUT are s^I '^^^^J^ 
normal lyO address space, however. 
Side-effect of the hardwired separate addressSJ«« 
fe ttet the routines stored in this space cannot be 
the cache, providing an addittonal layer of 

'''"'^a^ipical system -anag^nert j^eia^^ 
tatioartfeintendedthatbattery-backed SRAM chips be 
into the address space «>«^ 3^°°°"^

defeat External ^^'^^l'^'^^*'^ 
ACr signal as a chip select s.flnal and thereby addr^ 
itt,e, me SRAM ch,>s (the 

le^eO. or the nonnal mam memoir (J^e SMWCT- 
sional Is at a logic high le/eO- By us.ng the SMIACT- 
*ea sSm mertKKy 250 and norn«l memory 
can be stridly separated 

Referring more spedfically to ngure 3. a 9^'^ 
representati^ of SMM memory 
adding to the presort invention 
tioned above, this address space is a*fressedby »« 

,02 Idlo^ng an S*^:^'!"-^^^;^^^ 
state of the processor 102 is stored in fte CPU regster 
SS;1S^r^^er252fe«,e^^^ 
cuted by the processor 102. Importantly. *e SMI ten 
S^lscan^v>.ittensuchthatrtper1onr«tasteo^ 
S^^er^Jo^. operatic,*. An SMI hf«l^ wrt- 
S a^rding to the present invenfoo « uflae 

Z encrypted user passed ("^^P^^^^S^ 
;S:^keys 256. and an encrypt«ji^lg^«^^ 
to securely pertonn encryption operator* that aOw a 
^STaWrtirtobe verified ever a IAN. Because SMM 
only addressable while the conpu^ 
'S?is in SMM. Storing the enoypted user 
S WypBon keys 256 and encryption algorrthm 258 

nxxJifying or reading these sensitive conipon«^^ 
So6e5en<xxfimenlofthelnventk«i.Theop*o^^ 
S^e SMM BAM cKtenslon 262 can be "««edtor 
^ely perlorming encryplion functions or to store 

additional encryption keys. 

Raring n^ to F^ure 4A and 48 an e^em,*^ 

powers sequence incorporating two^ec^^ ve* 

Sfion according to the inventon. -s shewn. The 
Hauence buiids upon a secure pwer-up procedure. 
ISTth^ deS^ed in the SAFESTART patent 
|Sly!5>is invention reduces the administrative r^u.re- 

S of earlier secure powers 
^ed non-DOS hart disk partiti«v« used to p^ 

coovuter system S and provide a secure en«- 
SnS fror^ which to verify files. Upon 
Si the computer performs the 

during whi* H ched« a SAFESTAFntra* 
oonpa ng its hash value to a value stored .n 
STSy oi the SAFESTART track is verified, min^ 
•SIfE^AKT routine is loaded into memory and exe- 

*^%,e SAFESTART routine first checks the mast^ 
boot?eLd and boot sectors Of the hart dfelejjj^^^ 

fication captures a large major^ of -'"f^^^Jr^ns 
formed before any code 'e^"""*" JT*"^* 
executed, thus pr^errting the ^^^f^^ ^^^^ 
viruses. Further checks are performed on SAFESTA^ 
ffli before each is executed. Eventually, ^y^^"* ''^ 
a^additional designated user files are venh^ 
SnceTe con^uter system was booted from ana^«' 
^^on. the drives are remapped to account tor the 



shm in logical disk drive ^^^S^^^J^^T w'^'lS'e 
Hon process is completed. SAFESTART fBesare 
SLnX>. a latch is set to present unauthonzedn«^ 

Sin initial hash values. a«l «>n^ "'fj^ 
- totheBOStoboottheuseroperat..^sy^em^jmuj_a 

* computer system inplememedaccordmgtothe SAra 

START patent insures that designated software^ 
^^iSnS^are trustworthy foaowingapower-up cycle. 

shown in ngure 2A. when power to the compi^ 
« tersystemSisinitiallyappliedorthesystemunderoow 
a restart, the POWER<)NseqMer«e3W«^ 
menced. In the first step 302 of the fOWER^ 
SSSce 200 the oooputer system S beQ-ns «ea*^ 
SLI^ ROM. The BIOS is preferably stoj«^^^ 
« MM 154 and contains tow level prograntiming for bool- 

aaessingfte hard drive 140. Control then V^ce^ro 

S5) 30? where the computer system S P«rf«^ « 

^er-on seH test ffOST) to defemiine rt all system 

20 hardware is operating properly. 

Mtowng addittonal power-on steps (t^*"™^"^ 
trol next proceeds to step 306 tor comj^K^rtrt a 

secure Dower-up procedure such as that d«a*a°" 
Sr^^'S^S ^ent. m the preferred e«*«Sn^ 
« sequences tor the securepc^-^P^^ 

^ are conHgured as an opbon ROM ai<l toMtad n 

SI option ROM ad*es8 space in a cor-«*«;«!^ 
ner Preferably, the operating sequences a^B 
af*; iXSon ROM inorter toall^^^ 
30 ^ s to be installed at the outset The system Bl^ 
2«utesthisportionofthesea.rep«^ 
as a Dan of its scan tor option ROMs, which are&»- 
Zli^e. encountered m POST. TWs anB|W^ 
Quires address decoding tor the po^er-on seqM™ 
36 txrt also sinvimes distribution into a family of eomputw 
«^t«^ >yrrnativdy. the po«er-oo sequence could be 
^mTaTrdir';ct c^cm the BKDS. rather than 

^ token 188 containing an encryption a^^JJ^ « 
wesert If the aforcmenfioned presence deteAoncff^ 

^^^eter mines that a token is nol P^^a^^"^ 
to step 310 to rf«play a message requ^rXiJ^ 
Seuser p^vWe a token 18a When a token 188 « 
^ detem^ined in step 308. control p«ses to 

KS2wheretheuserispromp.edtoenteraptejnt« 
^password. AS an anerriativetoamemonze^ 

text passwort could be 9e"^« «^ 

of iSmetrfcs. For example, a ^""^^ ' 
50 beconvertedintoaplaintexlpasswexdvalueMtisnrt^ 
ttitthepreciseorteringofsteps308-312snotconsKl- 

oroH rritical to the invention. ^ 

ft. use. r«^' » " "S^ 
DES, RSA, DSA, RC2, RC4, Blowfish, IDEA, 3-WAY,

m5c aS othe-s. IdeaHy. the algorithm .n ea* 

token 188 is enabled by an encryption key that is unique or of limited production, such that it is impractical or impossible to circumvent the verification process by using a substitute token.

n is contenplated that the actual e"fyP»o",P'*" 
ess ocSw be carried oirt by the tol^ 188 ilseNJnttw 

SSS«n of the inven««,Jhe 
turned to the token 

nector 146 or alternate connectwn port T^^k^BB 
STpertorms the encryption function 

^^erSon algorithm and ^^S^pa^l 
FoIlo^Kng the encryption proces^ 
wcKd is returned to the computer system S v« the 

"^^S^^^rentxx^me; ot the inverse 
eJlS, algorithm is do^toaderi ■«^J^'' 
!^S»After the user pas»«xd has been entered. *«» 

STat the encryption ^^^^^^j^J^ Jl^ 
convuter memory after completion of t^ ^VP"?" 
^^and whne the computer sy«^«^"^ 
^e po^erKXi period. TOs step 
STalgorilhm trom being s.,reptitiously obteuned from 

■^^L^ng creation o. the P^^^^S 
proceeds to step 316 and optional 

for a sesrfon key) is appended. As men- 
2^^^^ n^e klentm^ iritoar^n aJovs fte 
to detemiine which node te bejng 
"uS? access ^'^^^^^J^'^^ ^ 

^tional node '''^^,,e^14^ 

either case, control next proceeos w 
nS^P^«l and any appended node rier^Ka- 
ST^^are stored in secure ^J^^^ 

SMM memory 250. IHe "f^T^J^^TeJ;^"^ 
be maintained in protectedflocked NVRAM or 
^^^o, in some other secure memory such as »«l 
^3"« the previously referenced US patent appfr- 
SST^d rS 08«963«. Foltowing this step, control 
^"e^2 Sp 320 and the secure po^ up proce- 

""ts'^tfobserved that in each o. the e^i" 
menteTthe invention descrtoed above, the 
T^ntition or password -H-.^°-^;J:S: 
piece in nature. If either the user password or the external token is misappropriated, it is of little value. Both pieces are required to generate the network password. In addition, the scope of the invention is not considered to be limited to the disclosed secure power-up procedure. Likewise, the precise ordering of the power-up steps is not considered critical to the invention.

In the alternate embodiment of the invention, the two-piece authentication process could be conducted during normal computer operation outside of the secure power-on sequence. In this embodiment of the invention the user password is communicated to secure memory by means of a secure keyboard

SSrL such as that ^-'^'^JJ^^t'Ca 
enced US patent appfication na OS/^^^^ 

request for secure keyboard """ir*^^^ 
,S conputer-s processorto erner .ntoSMM.The^ 

handler then directs spedafeed 
and divert keyboard intermpls. s^JJ«^*f*_TW 
via the keyboard is only communeated » sewnM*«- 
rLjable memory. The secured keyboard «>mmw«M- 
S^S^nrS^evems the "=-^P'f ^^^^^ 
from being intercepted »V «fl^e~de^ 
such as a vims masquerading as a screen saver or 

device driver. _jh;«. 

Thus, a method has been described for permitting secure user authentication and remote peripheral access based upon a two-piece user verification process. In the disclosed embodiment of the invention, the user verification process begins during a secure power-up procedure. During the secure power-up procedure, the computer system checks for the presence of an external token or smart card. The token or smart card is used to store an encryption algorithm furnished with an encryption key that is unique or of limited production. The computer user is required to enter a plain text user password. Once entered, the user password is encrypted using the encryption algorithm contained in the external token to create a network password. When the network user desires to access a network resource, the network password is encrypted using the server's public key before being communicated over the network. Once received by the server, the encrypted network password is decrypted using the server's private key. A user verification process is then performed on the network password to determine which, if any, access privileges have been accorded the network user. Optional node identification information can be appended to the network password to provide additional levels of access. The two-piece nature of the authentication process assures that if either the user password or the external token is stolen, it is of little value. Both pieces are required to access protected resources and uniquely identify a user to the network.

The foregoing disclosure and description of the invention are illustrative and explanatory thereof, and various changes in the size, shape, materials, components, circuit elements, wiring connections and contacts, as well as in the details of the illustrated circuitry and construction and method of operation may be made without departing from the spirit of the invention.
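
Added example (not part of the patent text, and not the applicant's code): a minimal Python model of the two-piece scheme summarized above, showing that a stolen password or a stolen token alone yields nothing and that appended node identification selects the privileges. Assumptions: HMAC-SHA256 stands in for the token's keyed algorithm, the Token and Server classes and the node names are hypothetical, and the public-key encryption of the message in transit is left out.

```python
import hashlib
import hmac
import secrets

DIGEST_LEN = 32  # SHA-256 output size; the fixed length lets the server split off the node ID


class Token:
    """Stand-in for the external token or smart card (hypothetical class)."""

    def __init__(self, key: bytes):
        self._key = key  # unique per token; never leaves the token

    def network_password(self, user_password: str) -> bytes:
        # Assumption: HMAC-SHA256 plays the role of the token's keyed algorithm
        # (the description also allows a one-way hash function here).
        return hmac.new(self._key, user_password.encode("utf-8"), hashlib.sha256).digest()


def build_request(network_password: bytes, node_id: str) -> bytes:
    """Append node identification to the network password, as the node does before sending."""
    return network_password + node_id.encode("utf-8")


class Server:
    """Keeps, per enrolled network password, the privileges granted on each node."""

    def __init__(self):
        self._records = {}

    def enroll(self, user, network_password, node_privileges):
        # Index by a digest so the server never stores the network password itself
        # (a design choice of this example, not something the description requires).
        index = hashlib.sha256(network_password).digest()
        self._records[index] = (user, {n: frozenset(p) for n, p in node_privileges.items()})

    def verify(self, request: bytes):
        """Return (user, privileges); (None, empty set) when verification fails."""
        if len(request) < DIGEST_LEN:
            return None, frozenset()
        candidate = request[:DIGEST_LEN]
        node_id = request[DIGEST_LEN:].decode("utf-8", errors="replace")
        record = self._records.get(hashlib.sha256(candidate).digest())
        if record is None:
            return None, frozenset()
        user, nodes = record
        # A known user on a node that is not listed gets no privileges.
        return user, nodes.get(node_id, frozenset())


def demo():
    """Run the scheme on constructed sample data and return each outcome."""
    alice_token = Token(secrets.token_bytes(32))
    other_token = Token(secrets.token_bytes(32))  # a different token, e.g. an attacker's own
    server = Server()
    server.enroll("alice", alice_token.network_password("correct horse"),
                  {"node-200a": {"read", "write"}, "node-200b": {"read"}})

    def attempt(token, password, node_id):
        return server.verify(build_request(token.network_password(password), node_id))

    return {
        "both_pieces_home_node": attempt(alice_token, "correct horse", "node-200a"),
        "both_pieces_second_node": attempt(alice_token, "correct horse", "node-200b"),
        "both_pieces_unlisted_node": attempt(alice_token, "correct horse", "node-200c"),
        "stolen_password_other_token": attempt(other_token, "correct horse", "node-200a"),
        "stolen_token_wrong_password": attempt(alice_token, "guess123", "node-200a"),
    }


if __name__ == "__main__":
    for case, (user, privileges) in demo().items():
        print(f"{case}: user={user} privileges={sorted(privileges)}")
```

In this model the strength of the network password rests on the token key, so a weak user password is still guessable by anyone who holds the token itself.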
1. A method for securely authenticating user identity in a computer network including a network server coupled to at least one network node capable of communicating with an external token that includes a cryptographic algorithm and an encryption key, the network node further incorporating a secure power-up procedure or other secure operating mode, the method comprising the steps of:

providing a user password to the network node;
communicatively coupling the external token to the network node;
providing the user password to the cryptographic algorithm stored in the token;
encrypting the user password with the cryptographic algorithm and the encryption key to produce a network password;
communicating the network password to the network server; and
comparing the network password or portions thereof to information maintained by the network server in order to verify user identity and determine network privileges accorded to the network password.

2. The method of claim 1, further comprising the step of:

enabling or blocking access to a secured network resource in response to the result of said step of comparing the network password to information maintained by the network server.

3. The method of claim 1, wherein said step of enabling or blocking access to a secured network resource comprises utilizing the network password to govern the encryption and decryption of specified data maintained in the network server.

4. The method of claim 1, wherein said step of providing a user password to the network node is performed while the network node is in a secure period of operation.

5. The method of claim 4, wherein the secure period of operation includes a secure power-up procedure.

6. The method of claim 1, further comprising the steps of:

prior to said step of communicating the network password to the network server, encrypting the network password using a network public key; and
following said step of communicating the network password to the network server, decrypting the network password using a network private key corresponding to the network public key.

7. The method of claim 1, further comprising the step of appending node identification information to the network password prior to communicating the network password to the network server.

8. The method of claim 7, wherein said step of comparing the network password or portions thereof to information maintained by the network server includes limiting access to specified data based upon the network password and appended node identification information.

9. The method of claim 1, wherein said step of encrypting the user password with the cryptographic algorithm and the encryption key occurs in the token.

10. The method of claim 1, wherein said step of providing the user password to the cryptographic algorithm comprises downloading both the cryptographic algorithm and the user password to secure computer memory, and wherein said step of encrypting the user password with the cryptographic algorithm and the encryption key occurs in secure computer memory.

11. The method of claim 1, wherein the network password is maintained in secure memory space within the network node.

12. The method of claim 1, wherein the token is a smart card.

13. The method of claim 1, wherein the token is a Touch Memory™ device.

14. The method of claim 1, wherein the encryption key is unique or of limited production.

15. A computer system capable of securely providing two-piece user authentication data over a computer network, the computer system including capabilities for operating in conjunction with an external token containing a cryptographic algorithm and an encryption key, and further having a secure power-on process or other secure operating mode, the computer system comprising:

a system bus;
a processor coupled to said system bus;
token interface circuitry coupled to said processor for communicating with the external token;
network interface circuitry allowing said processor to direct communications to a network server; and
security code stored in a processor readable medium for causing the processor to perform the steps of:

receiving a user password;
providing the user password to the external token;
receiving a network password from the external token, wherein the network password is an encrypted version of the user password; and
communicating the network password to the network server via said network interface circuitry in order to allow the computer user to access secured network resources.

16. The computer system of claim 15, wherein said security code is executed while the computer system is in a secure operating mode.

17. The computer system of claim 15, wherein the secure operating mode is a secure power-on procedure.

18. The computer system of claim 15, wherein said security code further causes said processor to encrypt the network password using the network server's public key prior to said step of communicating the network password to the network server.

19. The computer system of claim 15, wherein said security code further causes said processor to append node identification information to the network password prior to said step of communicating the network password to the network server.

20. The computer system of claim 15, wherein the external token is a smart card.

21. The computer system of claim 15, wherein the external token is a Touch Memory™ device.

22. The computer system of claim 15, wherein the encryption key is unique or of limited production.